/* * Verify a Certificate Verify message */ bool Certificate_Verify::verify(const X509_Certificate& cert, const Handshake_State& state, const Policy& policy) const { std::unique_ptr<Public_Key> key(cert.subject_public_key()); policy.check_peer_key_acceptable(*key); std::pair<std::string, Signature_Format> format = state.parse_sig_format(*key.get(), m_hash_algo, m_sig_algo, true, policy); PK_Verifier verifier(*key, format.first, format.second); return verifier.verify_message(state.hash().get_contents(), m_signature); }
/** * Verify a Server Key Exchange message */ bool Server_Key_Exchange::verify(const Public_Key& server_key, const Handshake_State& state, const Policy& policy) const { policy.check_peer_key_acceptable(server_key); std::pair<std::string, Signature_Format> format = state.parse_sig_format(server_key, m_hash_algo, m_sig_algo, false, policy); PK_Verifier verifier(server_key, format.first, format.second); verifier.update(state.client_hello()->random()); verifier.update(state.server_hello()->random()); verifier.update(params()); return verifier.check_signature(m_signature); }
/* * Verify a Certificate Verify message */ bool Certificate_Verify::verify(const X509_Certificate& cert, const Handshake_State& state, const Policy& policy) const { std::unique_ptr<Public_Key> key(cert.subject_public_key()); policy.check_peer_key_acceptable(*key); std::pair<std::string, Signature_Format> format = state.parse_sig_format(*key.get(), m_scheme, true, policy); const bool signature_valid = state.callbacks().tls_verify_message(*key, format.first, format.second, state.hash().get_contents(), m_signature); #if defined(BOTAN_UNSAFE_FUZZER_MODE) return true; #else return signature_valid; #endif }
/** * Verify a Server Key Exchange message */ bool Server_Key_Exchange::verify(const Public_Key& server_key, const Handshake_State& state, const Policy& policy) const { policy.check_peer_key_acceptable(server_key); std::pair<std::string, Signature_Format> format = state.parse_sig_format(server_key, m_scheme, false, policy); std::vector<uint8_t> buf = state.client_hello()->random(); buf += state.server_hello()->random(); buf += params(); const bool signature_valid = state.callbacks().tls_verify_message(server_key, format.first, format.second, buf, m_signature); #if defined(BOTAN_UNSAFE_FUZZER_MODE) return true; #else return signature_valid; #endif }